Penetration Testing mailing list archives
Re: Pentesting Webserver
From: "Arian Amador" <arianamador () gmail com>
Date: Tue, 30 Oct 2007 08:35:12 -0400
There are certainly a lot of ways to perform an SQL attack. I'm not going to go into detail about specific tests you can perform cause its been covered to the point of exhaustion, but I am willing to point you in a couple of good directions. First check this site if you still haven't its got a wealth of knowledge including a great paper on 'Blind SQL Injection', etc... http://www.spidynamics.com/spilabs/education/whitepapers.html Also a resource I keep coming back is Ferruh Mavituna's SQL cheat sheet. Not only does it give great examples, but even better than that it explains each and everyone of them. http://ferruh.mavituna.com/makale/sql-injection-cheatsheet/ And don't forget its also possible to create overflow in DB programs...So you could also try that avenue. Hope some of this helps a bit. -- Arian Amador ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Pentesting Webserver sherwyn . williams (Oct 29)
- <Possible follow-ups>
- Re: Pentesting Webserver cwright (Oct 29)
- Re: Pentesting Webserver infolookup (Oct 30)
- Re: Pentesting Webserver Arian Amador (Oct 30)
- Re: Re: Pentesting Webserver cwright (Oct 30)